Title: McAfee VirusScan Enterprise 8.0i
- Originally released to us on 22 September, 2004.
- Due to issues with the newest version of McAfee's Installation Designer software (released 25 August), we have been unable to deploy it to campus.
- Because of the above issue, a customized installer was required.
- 8.0i: the "i" is for Intrusion Protection/Prevention.
- Developed by McAfee's Entercept (host-based intrusion prevention) and incorporated into the Buffer Overflow Protection feature set.

UPDATES
- By default, 8.0i will update once per day.
- Our configuration will update once every 6 hours (randomized).
- Dialup update will check for a new DAT version upon dialup, no more than once per day.
- Startup update will check for a new DAT version upon startup, no more than once per day, and delayed 10 minutes so that all required services are started prior to attempting the download.

Access Protection
- SMTP outbound blocker will prevent access to outbound TCP Port 25 unless the .exe file is in the excluded processes list.
- IRC communication blocker.
- Lots of file/folder protection rules (limits launching programs from the Temp folder, prevents remote modification of .exe/.scr/.dll files, etc.).

Unwanted Programs
- Will detect SpyWare and AdWare (top 200 variants).
- Will also catch Password Crackers (L0pht Crack), some administration tools, etc.
- All of these options are enabled by default, and do not interfere with Microsoft's Remote Desktop protocol.

Engine 4400 Update
- Includes technology to combat the latest and future threats.
- Improved detection and cleaning.
- Support for many more Packed Executable formats in which known malware is often re-packaged for obfuscation purposes.
- Specific detection and reporting of files compressed or packaged with known suspicious applications.
- Enhancements to the emergency DAT file (EXTRA.DAT) structure allowing a larger DAT file size.
- Enhancements to enable scanning of non-standard ZIP archives.
- Native support for Windows XP 64-Bit Edition for 64-Bit Extended Systems.

CAVEATS
- The rules in VS8.0i will NOT provide a popup when a rule is enforced.
- IRC block (TCP Port 6666): also used by a ghost client file that will be prevented from accessing the Internet/Network if no exclusion is made for it.
- IRC block (TCP Port 6666): possibly used by a component of Veritas BackupExec. You should be able to customize BackupExec to fit this schema, or create an exclusion for the required executable file.
- SMTP Outbound block (TCP Port 25): if a unique email application is being used, verify the executable that controls the email and make an exclusion; try to avoid disabling the feature.
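
Because an enforced rule gives no popup, it helps to check before deployment which executables use the blocked ports. The following is an added example, not part of the original slides or of McAfee's software: it checks constructed connection records against the two port rules above, assuming rules match on the executable's file name. The exclusion entries, process names and addresses are made up for illustration.

```python
import csv
import io
from collections import namedtuple

# Ports taken from the slides: SMTP outbound blocker (25), IRC blocker (6666).
RULES = {25: "SMTP outbound blocker", 6666: "IRC communication blocker"}

# Constructed exclusion lists; the real ones are set in the VirusScan console.
EXCLUDED = {25: {"outlook.exe", "thunderbird.exe"}, 6666: set()}

# Constructed sample records: process image, protocol, remote address and port.
SAMPLE = """\
image,proto,remote_addr,remote_port
OUTLOOK.EXE,TCP,192.0.2.10,25
C:\\Apps\\Mailer\\custmail.exe,TCP,192.0.2.10,25
ghostclient.exe,TCP,192.0.2.44,6666
iexplore.exe,TCP,192.0.2.80,80
custmail.exe,UDP,192.0.2.10,25
"""

Finding = namedtuple("Finding", "image rule port remote_addr")


def image_name(path):
    """Reduce a Windows path to its lower-cased file name (assumed match key)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit(records_csv, excluded=EXCLUDED):
    """Return the connections a port rule would block with no popup shown."""
    findings = []
    for row in csv.DictReader(io.StringIO(records_csv)):
        if row["proto"].upper() != "TCP":      # both rules are TCP-only
            continue
        port = int(row["remote_port"])
        if port not in RULES:                  # port not covered by a rule
            continue
        name = image_name(row["image"])
        if name in excluded.get(port, set()):  # excluded process: allowed
            continue
        findings.append(Finding(name, RULES[port], port, row["remote_addr"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.image}: blocked by {f.rule} (TCP {f.port} -> {f.remote_addr})")
```

Each executable reported is a candidate for an exclusion, which keeps the rule itself enabled.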

HOW THE SCRIPT WORKS
- UIUC_VirusScan_80i.exe self-extracts to c:\avtemp and runs setup.exe.
- Setup.exe calls script.vbs (cscript c:\avtemp\script.vbs).
- Script.vbs does an OS fingerprint based on a registry key: HKLM\Software\Microsoft\Windows NT\CurrentVersion\CurrentVersion
- Runs case-specific conditions. All of these include setup.exe and verifying a registry entry to confirm that VirusScan 8.0i (version 8.0.0.912) has been installed.
- Next it applies OS-specific registry entries to configure the scans, updates, etc.
- Finally, it copies the repository list (sitelist.xml) from c:\avtemp\repository to the appropriate location (different between NT 4.0 and 2000/XP/2003).
- Overinstalls 7.x just fine in testing, preserving or replacing settings; it will add the UIUC configurations.
- Also included are the default registry entries from McAfee in case they're needed.

Fin